
Web browser company Brave said on Wednesday that it learned how Google works around GDPR (the EU's data privacy regulation) to help its advertising partners identify European web users. According to the company, which offers its own privacy-focused web browser, Google uses Push Pages that contain unique identifiers to share information with its partners. Those pages appear to be made specifically for identifying web users; they have no other function. This isn't the first time Brave leveled allegations of GDPR violations against Google. The company told the UK Information Commissioner and Irish Data Protection Commission (DPC) in September 2018 that Google's advertising systems were a "massive and ongoing data breach that affects virtually every user on the web." The revelation of these Push Pages is supposed to help support those claims. Brave said the Push Pages rely on a "code of almost 2,000 characters, which Google adds at the end to uniquely identify the person that Google is sharing information about" and which can be used in conjunction with other identifiers, like browser cookies. This makes it easier for Google's partners to connect data about website visitors even if they aren't technically being given their real identity. The Push Pages don't appear to serve any other purpose. Brave said they're never visible to users, and even if someone enters their URL to visit them directly, they don't show any content. (Which implies that Google only intends for them to communicate with other background processes of which web users are probably unaware.) Visit OUR FORUM for more of Google's response to these allegations.

Malware is unwanted code that somehow made its way onto your computer in order to perform functions designed with malicious intent. Sometimes these programs slow down a machine or cause it to crash entirely. The creators may then demand a ransom in order to fix the machine. Sometimes malware uploads information to remote servers, giving someone access to your saved data or vital credentials that you type, such as passwords and credit card numbers. People tend to create malware for Windows because that’s the operating system found on the most PCs. This increases the odds that a virus will spread from one computer to another. Virus makers tend to target less technical users who are easier to fool with bogus web banners and phishing scams. Viruses also spread among people who know how to pirate music and TV shows but don’t understand how these files may be infected. There are antivirus programs for Linux, but even their purpose is often to help protect Windows users. One piece of malware has recently made news for targeting the Linux desktop. EvilGNOME runs on the GNOME desktop environment by pretending to be an extension. GNOME is the most common Linux desktop environment, found as the default interface on two of the most popular Linux distros, Ubuntu and Fedora, and on computers that ship directly from Linux manufacturers such as System76 and Purism. Legitimate extensions allow you to alter many aspects of the GNOME desktop. The malware known as EvilGNOME is able to take screenshots and record audio from your PC’s microphone. It can also upload your personal files. A more detailed breakdown is available in a report by Intezer Labs, who gave EvilGNOME its name. This malware didn’t attract attention for being particularly likely to impact large numbers of people. It was considered newsworthy because it existed at all.
Linux is relatively rare on desktops, but it’s the most prominent operating system found on servers powering the web and managing much of the world’s digital infrastructure. Follow this thread on OUR FORUM.

Hundreds of millions of phone numbers linked to Facebook accounts were left exposed on an unprotected server in the latest massive security breach to plague the embattled tech giant. Up to 419 million phone numbers were stored on a database housed on multiple servers including the numbers of an estimated 133 million US-based users alone. The revelation comes just weeks after Facebook was slapped with a record $5 billion fine by the US Federal Trade Commission for violating users’ privacy rights.
Each phone record was tied to a user’s unique Facebook ID (a long, public number associated with the account), which can then quickly and easily be used to ascertain yet more personal information such as a user’s name, gender and location by country.
This, in turn, can expose users to spam calls and allow hackers to launch SIM-swapping attacks whereby cell phone carriers are tricked into providing a target’s phone number to an attacker. The unscrupulous hacker can then force-reset the password on any online account registered with that number.
This particular method of attack was used against none other than Twitter CEO Jack Dorsey, whose own Twitter account was hijacked. The company announced on Wednesday that it was temporarily disabling the text-to-tweet function due to “vulnerabilities that need to be addressed by mobile carriers.”

Representatives from top tech companies, including Google, Microsoft, and Twitter, met at Facebook’s headquarters on Wednesday with government officials to discuss security ahead of the 2020 election, according to a recent report. According to Reuters, Facebook said the companies and government agencies were working together to develop strategies to block previous weaknesses and avoid future threats with the first primary just five months away. The meeting at Facebook’s Menlo Park, California, offices involved officials from the Department of Homeland Security, the Federal Bureau of Investigation and the Office of the Director of National Intelligence, Bloomberg first reported. Richard Salgado, Google's Director of Law Enforcement and Information Security, told FOX Business that collaboration with law enforcement and other tech companies is key to protecting election integrity in the U.S. "At Google, we've invested in robust systems to detect phishing and hacking attempts, identify foreign interference on our platforms, and protect campaigns from digital attacks. But technology is only part of the solution," Salgado told FOX Business in an emailed statement. An anonymous source told Bloomberg about the private, full day of meetings focused on how tech companies are preparing security measures ahead of the 2020 election to guard against disinformation campaigns similar to those organized by Russians during the 2016 election cycle. The companies also discussed how they would work with government agencies to keep their sites secure. Representatives from Microsoft and Twitter confirmed to FOX Business that the companies both participated in the talks. The Twitter spokesperson also said the company is “committed to doing our part,” in regard to maintaining the integrity of its site during the 2020 presidential election. For more turn to OUR FORUM.

Exploit reseller Zerodium on Tuesday announced higher going rates for Android vulnerabilities, with the firm now paying out up to $2.5 million for so-called zero-click zero-days, reports Motherboard. As the value of Android exploits increases, the market health of zero-days designed to thwart iOS protections stagnates due to what can be characterized as a supply glut. Zerodium, for example, pays out $2 million for zero-click vectors targeting iPhone, and decreased payouts for one-click attacks from $1.5 million to $1 million, the report said. Zero-click exploits refer to vulnerabilities that can be leveraged to hack a device without user interaction, while zero-days are defined as bugs, exploits and other flaws that are as yet unknown to platform operators. Zero-days are particularly prized assets for hackers — both lawful and nefarious — looking to break into locked-down devices like iPhone. "The zero-day market is flooded by iOS exploits, mostly Safari and iMessage chains, mainly due [to] a lot of security researchers have turned their focus into full-time iOS exploitation," said Zerodium founder Chaouki Bekrar. "They've absolutely destroyed iOS security and mitigations. There are so many iOS exploits that we're starting to refuse some of them." The director of the exploit buyer Crowdfense, Andrea Zapparoli Manzoni, agrees with Bekrar's assessment of the market, but notes that not all iOS chains are "intelligence-grade." Still, it appears the supply of vulnerabilities more than sates demand. Bekrar added that Android is becoming increasingly difficult to crack, in part due to fragmentation. The multi-version, multi-device nature of Google's operating system has long been considered a weakness in terms of consistency and stability, but it is this very "feature" that might prove useful in protecting against widespread attack, the report said. Learn more at OUR FORUM.

Searching for textbooks and essays in electronic form on the Internet exposes students to a wide range of malicious attacks, as Kaspersky Lab researchers found after analyzing data gathered over the past academic year. With the back to school season in full force and everyone looking around for the best possible price, some will end up trying their chances on the web instead of paying for educational materials out of their pocket. While this might look like a bargain at first, it also comes with a lot of dangers, seeing that attackers will try their best to infect your computer with malware downloaders that can download and execute banking Trojans and ransomware, or with worms capable of quickly spreading to all your contacts and all devices on your network. After taking a closer look at attacks using malicious documents with education-related filenames and directed at Kaspersky users, the researchers discovered that threat actors targeted potential victims from the educational field over 356,000 times in total over the past academic year. "Of these, 233,000 cases were malicious essays that were downloaded to computers owned by more than 74,000 people and that our solutions managed to block," found Kaspersky. "About a third of those files were textbooks: we detected 122,000 attacks by malware that was disguised as textbooks. More than 30,000 users tried to open these files." While the MediaGet downloader will only download and install an unneeded torrent client, the two other downloaders are capable of dropping a huge range of malware strains on the victims' computers including but not limited to adware, crypto miners, spyware, banking Trojans, and, in the most serious cases, ransomware capable of encrypting all their data. Stalk, on the other hand, a worm Kaspersky detects as Worm.Win32.Stalk.a, also uses spam emails to reach its victims' computers and will immediately attempt to infect any connected USB flash devices and as many devices on the same network as possible.
In-depth details are posted on OUR FORUM.

 
